dotfiles/terranix/default.nix
magic_rb 9fed40a9b2
Add kubernetes uterranix infrastructure
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-03-09 16:46:20 +01:00


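# Terranix root for the dotfiles infrastructure: declares the Terraform
# providers, imports the per-service and per-host modules, and creates the
# shared Vault / Consul / Nomad bootstrap resources (auth backends, ACL
# tokens, gossip encryption keys).
#
# Arguments come from the terranix module system: `config` is the evaluated
# configuration (used for cross-references between resources), `elib` and
# `tflib` are the repository's helper libraries, `lib`/`pkgs` are nixpkgs.
{
  config,
  elib,
  tflib,
  lib,
  pkgs,
  ...
}: let
  # `tf` renders a Terraform reference string (e.g. "var.hcloud_token") as an
  # interpolation; `singleton` wraps a value in a one-element list, which is
  # how Terraform's JSON syntax expresses a single nested block.
  inherit (tflib) tf;
  inherit (lib) singleton;
in {
  provider."vault" = {
    address = "https://vault.in.redalder.org:8200";
  };

  # NOTE(review): Consul and Nomad are addressed over plain HTTP (here and in
  # the state backend below), so whatever credentials the providers present
  # cross the network in clear text. Confirm the 10.64.0.0/in.redalder.org
  # path is a trusted segment, or switch these to https.
  provider."consul" = {
    address = "http://consul.in.redalder.org:8500";
  };
  provider."nomad" = [
    {
      address = "http://nomad.in.redalder.org:4646";
    }
    {
      # Second Nomad region, referenced by modules as `nomad.do-1`.
      address = "http://10.64.0.1:4646";
      region = "do-1";
      alias = "do-1";
    }
  ];
  provider."kubernetes" = {
    host = "https://localhost:6443";
  };
  # provider."influxdb-v2" = {
  #   url = "http://influx.in.redalder.org";
  # };

  # `sensitive = true` keeps the token out of plan/apply output; it is still
  # written to the state file, so the backend's access control is what
  # actually protects it.
  variable."hcloud_token" = {
    sensitive = true;
  };
  provider."hcloud" = {
    token = tf "var.hcloud_token";
  };

  imports = [
    (elib.terraformModule {
      name = "syncthing";
      source = ./containers/syncthing;
    })
    (elib.terraformModule {
      name = "website";
      source = ./containers/website;
    })
    (elib.terraformModule {
      name = "hydra";
      source = ./containers/hydra;
    })
    (elib.terraformModule {
      name = "matrix";
      source = ./containers/matrix;
    })
    (elib.terraformModule {
      name = "jellyfin";
      source = ./containers/jellyfin;
    })
    (elib.terraformModule {
      name = "gitea";
      source = ./containers/gitea;
    })
    (elib.terraformModule {
      name = "home-assistant";
      source = ./containers/home-assistant;
    })
    (elib.terraformModule {
      name = "ingress-blowhole";
      source = ./containers/ingress-blowhole;
    })
    (elib.terraformModule {
      name = "ingress-toothpick";
      source = ./containers/ingress-toothpick;
      # This module deploys into the do-1 region, so it gets the aliased
      # Nomad provider rather than the default one.
      providers = {
        "nomad.do-1" = "nomad.do-1";
      };
    })
    (elib.terraformModule {
      name = "gateway-mesh";
      source = ./containers/gateway-mesh;
    })
    (elib.terraformModule {
      name = "nfs-csi";
      source = ./containers/nfs-csi;
    })
    # NOTE: the disabled minecraft modules below still carry the copy-pasted
    # name "nfs-csi"; give them their own names before re-enabling, otherwise
    # they would collide with the real nfs-csi module.
    # elib.terraformModule {
    #   name = "nfs-csi";
    #   source = ./containers/minecraft/vanilla;
    # }
    (elib.terraformModule {
      name = "minecraft-enigmatica-6";
      source = ./containers/minecraft/enigmatica6;
    })
    (elib.terraformModule {
      name = "kubernetes";
      source = ./kubernetes;
    })
    # (elib.terraformModule {
    #   name = "nfs-csi";
    #   source = ./containers/minecraft/ftb-infinity;
    # })
    # elib.terraformModule {
    #   name = "nfs-csi";
    #   source = ./containers/minecraft/ftb-integrations;
    # }
    ./modules/push_approles.nix
    ./modules/consul_agent.nix
    ./modules/nomad_server.nix
    ./pki.nix
    ./blowhole.nix
    ./toothpick.nix
    ./altra.nix
  ];

  # Terraform state lives in Consul KV under this prefix. The state contains
  # the generated gossip keys and ACL token secret_ids declared below, so
  # read access to "terraform/dotfiles" is equivalent to holding those
  # secrets; the backend is also reached over plain http (see providers).
  terraform.backend."consul" = {
    address = "consul.in.redalder.org:8500";
    scheme = "http";
    path = "terraform/dotfiles";
  };
  # terraform.required_providers = {
  #   hcloud.source = "hetznercloud/hcloud";
  #   influxdb-v2.source = "MagicRB/influxdb-v2";
  # };

  # AppRole auth mount used by the per-host push_approles module.
  # `listing_visibility = "unauth"` advertises the mount in Vault's
  # unauthenticated mount listing; the explicit nulls keep Terraform from
  # drifting on tune fields this config does not manage.
  resource."vault_auth_backend"."approle" = {
    type = "approle";
    tune = singleton {
      max_lease_ttl = "90000s";
      listing_visibility = "unauth";
      allowed_response_headers = null;
      audit_non_hmac_request_keys = null;
      audit_non_hmac_response_keys = null;
      default_lease_ttl = null;
      passthrough_request_headers = null;
      token_type = null;
    };
  };

  # KV v2 mount with a bounded version history per secret.
  resource."vault_mount"."kv" = {
    path = "kv";
    type = "kv";
    options.version = "2";
    description = "KV Version 2 secret engine mount";
  };
  resource."vault_kv_secret_backend_v2"."config" = {
    mount = config.resource."vault_mount"."kv".path;
    max_versions = 5;
  };

  # Consul token with the built-in global-management policy, handed to Vault
  # so its Consul secrets engine can mint scoped tokens. This is the most
  # privileged Consul credential in the file; it is read back through the
  # data source below and therefore also ends up in state.
  resource."consul_acl_token"."vault_management_token" = {
    description = "Vault management token";
    policies = ["global-management"];
    local = false;
  };
  data."consul_acl_token_secret_id"."vault_management_token" = {
    accessor_id = tf "consul_acl_token.vault_management_token.id";
  };
  resource."vault_consul_secret_backend"."consul" = {
    path = "consul";
    description = "Manages the Consul backend";
    address = "consul.in.redalder.org:8500";
    token = tf "data.consul_acl_token_secret_id.vault_management_token.secret_id";
  };

  # Token role used by Nomad's Vault integration: periodic (token_period),
  # orphan, renewable tokens with no explicit max TTL, so they live as long as
  # they keep being renewed. `disallowed_policies` stops the role from
  # issuing tokens carrying the server-level policy.
  resource."vault_token_auth_backend_role"."nomad_cluster" = {
    role_name = "nomad-cluster";
    disallowed_policies = ["nomad-server"];
    orphan = true;
    token_period = "259200";
    renewable = true;
    token_explicit_max_ttl = "0";
  };

  # 256-bit gossip encryption keys, one for Nomad and one per Consul
  # datacenter. random_id values are generated once and persisted in state.
  resource."random_id"."nomad_encryption_key" = {
    byte_length = 32;
  };
  resource."random_id"."homelab-1_consul_encryption_key" = {
    byte_length = 32;
  };
  resource."random_id"."do-1_consul_encryption_key" = {
    byte_length = 32;
  };

  # Policy attached to Consul's anonymous token: unauthenticated clients can
  # read every service and node entry (needed for DNS/service discovery),
  # but nothing else.
  resource."consul_acl_policy"."anonymous" = {
    name = "consul-anonymous";
    rules = ''
      service_prefix "" { policy = "read" }
      node_prefix "" { policy = "read" }
    '';
  };
  resource."consul_acl_token"."anonymous" = {
    description = "Consul anonymous token";
    policies = [
      config.resource.consul_acl_policy.anonymous.name
    ];
    local = false;
  };
  data."consul_acl_token_secret_id"."anonymous" = {
    accessor_id = tf "consul_acl_token.anonymous.id";
  };
}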